AMENDMENTS TO THE CLAIMS 
The following listing of claims replaces all prior listings of claims in this application. 



1. (Previously Presented) A method for securely removing a device from at least one of a 
plurality of devices in a network while protecting a content from unauthorized use or 
distribution, the method comprising: 

calculating an encryption key for the protected content in the network, based at least 
in part on a list of the plurality of devices in the network; 

tentatively marking the device for removal, by modifying the list of the plurality of 
devices in the network, wherein the list of the plurality of devices is included in an 
authorization table; 

the device marked for removal automatically acknowledging the removal; 

automatically recording the removal of the device in the authorization table; 

recalculating the encryption key for all the devices remaining in the network and the 
protected content, using the modified list; and the authorization table; and 

reencrypting the protected content with the recalculated encryption key. 

2-3. (Canceled) 
4. (Original) The

including a key management block in the calculation. 

5. (Canceled) 

6. (Original) The method of claim 1, wherein recalculating the encryption key comprises 
including the binding identification for the plurality of devices, excluding the device to be 
removed. 

7. (Original) The method of claim 1, wherein the protected content is encrypted with a title 
key; and

further comprising reencrypting the title key with the recalculated encryption key.

8. (Previously Presented) A system for securely removing a device from at least one of a 
plurality of devices in a network while protecting a content from unauthorized use or 
distribution, the system comprising: 

an encryption key that is calculated for the protected content in the network, based at 
least in part on a list of the plurality of devices in the network; 

the device being tentatively marked for removal by modifying the list of the plurality 
of devices in the network, wherein the list of the plurality of devices is included in an 
authorization table; 

the device marked for removal automatically acknowledging the removal; 

the authorization table automatically recording the removal of the device; 

the encryption key being recalculated for all the devices remaining in the network 
and the protected content, using the modified list and the authorization table; and 

the protected content being reencrypted with the recalculated encryption key. 

9-10. (Canceled) 

11. (Original) The system of claim 8, wherein the encryption key is recalculated using a key 
management

12. (Canceled) 

13. (Original) The system of claim 8, wherein the encryption key is recalculated using the 
binding identification for the plurality of devices, excluding the device to be removed. 

14. (Original) The system of claim 8, wherein the protected content is encrypted with a title 
key; and 

further comprising the title key being reencrypted with the recalculated encryption key.

15. (Original) The system of claim 8, wherein the plurality of devices comprise any one or
more of: 

a television, a set top box, a personal video recorder, a video cassette recorder, a 
compact disk player, a compact disk player recorder, a personal computer, a portable music 
player, an audio player, a video player, a game console, and a personal network storage 
device. 

16. (Withdrawn) A method for securely removing a protected content from at least one of a 
plurality of devices in a network, the method comprising: 

calculating an encryption key for the protected content in the network, based at least 
in part on a list of the previously removed content; 

marking the protected content for removal, by modifying the list of the removed 
content; 

recalculating the encryption key using the modified list; and 
reencrypting the protected content with the recalculated encryption key. 

17-18. (Canceled) 



19. (Withdrawn) The method of claim 16, wherein recalculating the encryption key 
comprises including a key management block in the calculation. 

20. (Withdrawn) The method of claim 16, wherein recalculating the encryption key 
comprises including an authorization table in the calculation. 

21. (Withdrawn) The method of claim 16, wherein recalculating the encryption key 
comprises including the binding identification for the plurality of devices.

22. (Withdrawn) The method of claim 16, wherein the protected content is encrypted with a
title key; and 

further comprising reencrypting the title key with the recalculated encryption key. 

23. (Withdrawn) A system for securely removing a protected content from at least one of a 
plurality of devices in a network, the system comprising: 

an encryption key that is calculated for the protected content in the network, based at 
least in part on a list of the previously removed content; 

the protected content to be removed being marked for removal by modifying the list 
of removed content; 

the encryption key being recalculated using the modified list; and 

the protected content being reencrypted with the recalculated encryption key. 

24-25. (Canceled)

26. (Withdrawn) The system of claim 23, wherein the encryption key is recalculated using a 
key management block in the calculation. 

27. (Withdrawn) The system of claim 23, wherein the encryption key is recalculated using 
an authorization table in the calculation. 

28. (Withdrawn) The system of claim 23, wherein the encryption key is recalculated using 
the binding identification for the plurality of devices. 

29. (Withdrawn) The system of claim 23, wherein the protected content is encrypted with a 
title key; and 

further comprising the title key being reencrypted with the recalculated encryption key.

30. (Withdrawn) The system of claim 23, wherein the plurality of devices comprise any one
or more of: 

a television, a set top box, a personal video recorder, a video cassette recorder, a 
compact disk player, a compact disk player recorder, a personal computer, a portable music 
player, an audio player, a video player, a game console, and a personal network storage 
device. 

31. (Withdrawn) A method for recovering from a failure of a device from a plurality of
devices in a network, the method comprising: 

an operating device acquiring a secret network ID for the network based upon a secret 
relationship between an identity and a secret binding ID of the device; 

calculating an encryption key for a protected content in the network based at least in 
part on the secret network ID; and

upon device failure, communicating with a service server with a priori knowledge of 
the secret relationship, and acquiring the secret network ID. 

32. (Withdrawn) The method of claim 31, wherein calculating the encryption key comprises 
including a key management block in the calculation. 

33. (Withdrawn) The method of claim 31, wherein calculating the encryption key comprises
including an authorization table in the calculation. 

34. (Withdrawn) The method of claim 31, wherein calculating the encryption key comprises 
including the binding identification for the plurality of devices, excluding the device that has 
failed. 

35. (Withdrawn) The method of claim 31, wherein the secret relationship comprises an 
encryption of the secret network ID of the operating device with a secret key.

36. (Withdrawn) A system for recovering from a failure of a device from a plurality of
devices in a network, the system comprising: 

an operating device that acquires a secret network ID for the network based upon a 
secret relationship between an identity and a secret binding ID of the device; 

an encryption key that is calculated for a protected content in the network based at 
least in part on the secret network ID; and 

upon device failure, the system communicates with a service server with a priori 
knowledge of the secret relationship, and acquires the secret network ID. 

37. (Withdrawn) The system of claim 36, wherein the encryption key is recalculated using a 
key management block in the calculation. 

38. (Withdrawn) The system of claim 36, wherein the encryption key is recalculated using 
an authorization table in the calculation. 

39. (Withdrawn) The system of claim 36, wherein the encryption key is recalculated using 
binding identifications for the plurality of devices, excluding the device that has failed. 

40. (Withdrawn) The system of claim 36, wherein the secret relationship comprises an 
encryption of the secret network ID of the operating device with a secret key. 

41. (Withdrawn) The method of claim 36, wherein the secret relationship is stored in a
database maintained by the service server. 

42. (Withdrawn) A method for allowing a content provider service to learn a secret binding 
ID in a network of a plurality of devices, the method comprising: 

the content provider service joining the network as one of the plurality of devices; 
the content provider identifying itself as a compliant external service provider; 
excluding the joining content provider service from being counted against a 
maximum number of allowable devices in the network; and 
providing an integrity check mechanism to confirm that the joining content provider
service is network compliant. 

43. (Withdrawn) The method of claim 42, wherein the integrity check mechanism comprises 
a message authentication code that is based on a key management block. 

44. (Withdrawn) A system for allowing a content provider service to learn a secret binding 
ID in a network of a plurality of devices, the system comprising: 

the content provider service joining the network as one of the plurality of devices; 

the content provider identifying itself as a compliant external service provider; 

the joining content provider service is not counted against a maximum number of 
allowable devices in the network; and 

an integrity check mechanism that confirms that the joining content provider service 
is network compliant. 

45. (Withdrawn) The system of claim 44, wherein the integrity check mechanism comprises 
a message authentication code that is based on a key management block. 

46. (Withdrawn) A method for maintaining an integrity of a network containing a plurality 
of devices, the method comprising: 

calculating an integrity check value for network files and network values; 
comparing the calculated integrity check value to a saved integrity check value, to 
determine if any one of the network files and the network values has changed; 

calculating an encryption key on the network files and network values; and 
decrypting a protected content in the network using the encryption key. 

47. (Withdrawn) The method of claim 46, wherein the network files comprise a file that 
contains a list of removed files.

48. (Original) The method of claim 47, wherein the network files further comprise a file that
contains a list of deleted content. 

49. (Withdrawn) The method of claim 48, wherein the files that contain the lists of removed 
files and deleted content are stored in at least two different datastores. 

50. (Withdrawn) The method of claim 49, wherein the files that contain the lists of removed 
files and deleted content are contained in an authorization table. 

51. (Withdrawn) The method of claim 50, wherein the network files contain a key
management block. 

52. (Withdrawn) The method of claim 50, wherein the network values contain a device 
binding ID. 

53. (Withdrawn) The method of claim 46, wherein the integrity check value contains the 
encryption key. 

54. (Withdrawn) The method of claim 46, further comprising restricting playback of a 
protected content in the network. 

55. (Withdrawn) The method of claim 54, wherein restricting the playback of the protected 
content in the network comprises determining if the protected content has an associated 
geographic restriction. 

56. (Withdrawn) The method of claim 55, wherein restricting the playback of the protected 
content in the network further comprises determining if a device to play the protected content 
has an associated geographic limitation. 



ARC920030093US1 
173-0011 



57. (Withdrawn) The method of claim 56, wherein restricting the playback of the protected
content in the network further comprises preventing the playback of the protected content if 
the geographic restriction of the protected content is not met. 

58. (Withdrawn) The method of claim 56, wherein restricting the playback of the protected 
content in the network further comprises preventing the playback of the protected content if 
the geographic limitation of the device to play the protected content is not met. 

59. (Withdrawn) The method of claim 56, further comprising determining a geographic 
location of the device to play the protected content. 

60. (Withdrawn) The method of claim 59, wherein determining the geographic location of 
the device to play the protected content comprises determining the geographic location based 
on a connection of the device to a cable service. 

61. (Withdrawn) The method of claim 59, wherein determining the geographic location of 
the device to play the protected content comprises determining the geographic location based 
on an internal GPS receiver. 

62. (Withdrawn) The method of claim 59, wherein determining the geographic location of 
the device to play the protected content comprises querying a user about the device 
geographic location. 

63. (Withdrawn) The method of claim 59, further comprising placing a limitation on the 
number of times the geographic location of the device may be changed. 

64. (Withdrawn) A system for maintaining an integrity of a network containing a plurality of 
devices, the system comprising: 

an integrity check value that is calculated for network files and network values; 
the calculated integrity check value being compared to a saved integrity check value,
to determine if any one of the network files and the network values has changed; 

an encryption key that is calculated on the network files and network values; and 
a protected content being decrypted in the network using the encryption key. 

65. (Withdrawn) The system of claim 64, wherein the network files comprise a file that 
contains a list of removed files. 

66. (Withdrawn) The system of claim 65, wherein the network files further comprise a file 
that contains a list of deleted content. 

67. (Withdrawn) The system of claim 66, wherein the files that contain the lists of removed 
files and deleted content are stored in at least two different datastores. 

68. (Withdrawn) The system of claim 67, wherein the files that contain the lists of removed 
files and deleted content are contained in an authorization table. 

69. (Withdrawn) The system of claim 68, wherein the network files contain a key 
management block. 

70. (Withdrawn) The system of claim 68, wherein the network values contain a device 
binding ID. 

71. (Withdrawn) The system of claim 64, wherein the integrity check value contains the 
encryption key. 

72. (Withdrawn) The system of claim 64, further comprising a playback restriction 
mechanism to restrict playback of a protected content in the network.

73. (Withdrawn) The system of claim 72, wherein the playback restriction mechanism
determines if the protected content has an associated geographic restriction. 

74. (Withdrawn) The system of claim 72, wherein the playback restriction mechanism 
determines if a device to play the protected content has an associated geographic limitation. 

75. (Withdrawn) The system of claim 74, wherein the playback restriction mechanism 
prevents the playback of the protected content if the geographic restriction of the protected 
content is not met. 

76. (Withdrawn) The system of claim 75, wherein the playback restriction mechanism 
prevents the playback of the protected content if the geographic limitation of the device to 
play the protected content is not met. 

77. (Withdrawn) The system of claim 75, wherein the playback restriction mechanism 
further determines a geographic location of the device to play the protected content. 

78. (Original) The system of claim 77, wherein the playback restriction mechanism 
determines the geographic location of the device based on a connection of the device to a 
cable service. 

79. (Withdrawn) The system of claim 77, wherein the playback restriction mechanism 
determines the geographic location based on an internal GPS receiver. 

80. (Withdrawn) The system of claim 77, wherein the playback restriction mechanism 
queries a user about the device geographic location. 

81. (Withdrawn) The system of claim 77, wherein the playback restriction mechanism places
a limitation on the number of times the geographic location of the device may be changed.

82. (Withdrawn) A method for updating an existing key management block in a network of a
plurality of devices, the method comprising: 

determining if a current key management block is more recent than the existing key 
management block; and 

if the current key management block is more recent than the existing key 
management block, the plurality of devices in the network accepting the current key 
management block. 

83. (Withdrawn) The method of claim 82, wherein determining if the current key 
management block is more recent than the existing key management block comprises placing 
a revision number in the current key management block. 

84. (Withdrawn) The method of claim 83, wherein the revision number is represented by a 
revision date. 

85. (Withdrawn) The method of claim 83, further comprising signing the current key 
management block. 

86. (Withdrawn) The method of claim 85, wherein determining if the current key 
management block is more recent than the existing key management block comprises the 
plurality of devices in the network verifying a signature of the current key management 
block. 

87. (Withdrawn) The method of claim 86, further comprising the plurality of devices in the 
network accepting the current key management block network if, and only if the signature is 
verified. 

88. (Withdrawn) The method of claim 86, further comprising the plurality of devices in the 
network accepting the current key management block network if, and only if the revision 
number in the current key management block is not older than a revision number in the
existing key management block. 

89. (Withdrawn) The method of claim 82, wherein determining if the current key 
management block is more recent than the existing key management block comprises 
comparing the revocation lists in the two key management blocks. 

90. (Withdrawn) A system for updating an existing key management block in a network of a 
plurality of devices, the system comprising: 

a current key management block that is compared for recency relative to the existing 
key management block; and 

if the current key management block is more recent than the existing key 
management block, the plurality of devices in the network accept the current key 
management block. 

91. (Withdrawn) The system of claim 90, wherein if the current key management block is
more recent than the existing key management block, a revision number is placed in the 
current key management block. 

92. (Withdrawn) The system of claim 91, wherein the revision number is represented by a 
revision date. 

93. (Withdrawn) The system of claim 91, wherein the current key management block is 
signed. 

94. (Withdrawn) The system of claim 93, wherein if the current key management block is 
more recent than the existing key management block, the plurality of devices in the network 
verify a signature of the current key management block.

95. (Withdrawn) The system of claim 94, wherein the plurality of devices in the network
accept the current key management block network if, and only if the signature is verified. 

96. (Withdrawn) The system of claim 94, wherein the plurality of devices in the network 
accept the current key management block network if, and only if the revision number in the 
current key management block is not older than a revision number in the existing key 
management block. 

97. (Withdrawn) The system of claim 90, wherein the plurality of devices in the network 
accept the current key management block if the list of revoked devices in the current key 
management block is not less than the list of revoked devices in the existing key management 
block. 

98. (New) The method of claim 1 wherein: 

calculating the encryption key includes calculating the encryption key in response to a 
management key from a key management block, a binding ID associated with each of the 
devices on the list and a hash of an authorization table listing authorized devices. 

99. (New) The system of claim 8 wherein: 

the calculated encryption key is calculated using a management key from a key 
management block, a binding ID associated with each of the devices on the list and a hash of 
an authorization table listing authorized devices. 
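
Added illustration, not part of the filed claims and not the applicant's implementation: a sketch of the key calculation recited in claims 98 and 99 together with the removal sequence of claim 1 (tentative mark, acknowledgement, recording, recalculation, reencryption of the title key per claim 7). The use of HMAC-SHA-256, the status strings, the XOR title-key wrap and all function names are assumptions chosen so the example runs with the Python standard library only.

```python
import hashlib
import hmac

def _lp(b):
    # Length-prefix each field so concatenated inputs cannot be ambiguous.
    return len(b).to_bytes(4, "big") + b

def auth_table_hash(auth_table):
    """Hash a canonical (sorted) serialization of the authorization table."""
    h = hashlib.sha256()
    for device_id in sorted(auth_table):
        h.update(_lp(device_id.encode()) + _lp(auth_table[device_id].encode()))
    return h.digest()

def binding_key(management_key, binding_ids, auth_table):
    """Key from the management key, the binding IDs of the devices still
    listed as authorized, and the hash of the authorization table."""
    mac = hmac.new(management_key, digestmod=hashlib.sha256)
    for device_id in sorted(auth_table):
        if auth_table[device_id] == "authorized":
            mac.update(_lp(binding_ids[device_id]))
    mac.update(auth_table_hash(auth_table))
    return mac.digest()

def wrap(key, title_key):
    """Toy XOR wrap of a title key of at most 32 bytes (its own inverse).
    Stand-in for a real key-wrap cipher, used only to stay stdlib-only."""
    pad = hmac.new(key, b"title-key-wrap", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(title_key, pad))

def remove_device(management_key, binding_ids, auth_table, wrapped_title_key,
                  device_id, acknowledge):
    """Tentative mark -> acknowledgement -> record -> re-key -> re-wrap."""
    old_key = binding_key(management_key, binding_ids, auth_table)
    title_key = wrap(old_key, wrapped_title_key)
    table = dict(auth_table)
    table[device_id] = "pending_removal"          # tentative mark
    if not acknowledge(device_id):
        return auth_table, wrapped_title_key      # not committed, nothing re-keyed
    table[device_id] = "removed"                  # removal recorded in the table
    new_key = binding_key(management_key, binding_ids, table)
    return table, wrap(new_key, title_key)

def demo():
    # Constructed sample values, not taken from any real deployment.
    mk = b"constructed-management-key"
    ids = {"tv": b"bind-tv", "pvr": b"bind-pvr", "pc": b"bind-pc"}
    table = {d: "authorized" for d in ids}
    title_key = hashlib.sha256(b"constructed title key").digest()
    old_key = binding_key(mk, ids, table)
    wrapped = wrap(old_key, title_key)
    new_table, rewrapped = remove_device(mk, ids, table, wrapped, "pc", lambda d: True)
    new_key = binding_key(mk, ids, new_table)
    return {
        "rekeyed": new_key != old_key,
        "remaining_can_unwrap": wrap(new_key, rewrapped) == title_key,
        "old_key_fails": wrap(old_key, rewrapped) != title_key,
        "unacked_unchanged": remove_device(mk, ids, table, wrapped, "pc",
                                           lambda d: False) == (table, wrapped),
    }

if __name__ == "__main__":
    print(demo())
```

Because the authorization table hash is an input to the key, any edit to the table (including restoring a removed entry) yields a key that no longer unwraps the reencrypted title key.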